CLAIMS



[Claim(s)] 

[Claim 1] Document offer equipment comprising: an instruction receiving means to receive a document acquisition
instruction from a user; a user security acquisition means to acquire the security information of said user who issued
said document acquisition instruction; a document acquisition means to acquire the document specified by said
document acquisition instruction; a document element security acquisition means to acquire, for every component of
the acquired document, the security information of that component; a disclosure judging means to judge, for every
component of said acquired document, whether the component may be disclosed to the user, from the relation between
the security information of the component and said user's security information; and an output-control means to edit
and output said acquired document according to the result of the disclosure judgment for each component.

[Claim 2] Document offer equipment according to claim 1, characterized in that said document acquisition means
acquires the document specified by said document acquisition instruction through a network.

[Claim 3] Document offer equipment according to claim 1, characterized in that said output-control means replaces a
component judged by said disclosure judging means to be non-disclosable with replacement information registered
beforehand, and outputs it.

[Claim 4] Document offer equipment according to claim 3, characterized in that said output-control means stores
information for generating said replacement information for every class of component, and replaces each component
with the replacement information corresponding to its class.

[Claim 5] Document offer equipment according to claim 1, comprising a means to hold a judgment rule serving as the
criterion for judging whether disclosure is permitted based on the relation between said user's security information
and the security information of the component of said document, characterized in that said disclosure judging means
judges whether disclosure is permitted with reference to this judgment rule.

[Claim 6] The document output unit according to claim 1, comprising a means to acquire the digital certificate of the
user who is the issuer of said document acquisition instruction, and a means to verify the validity of the digital
certificate acquired in association with said document acquisition instruction, wherein, when said user's digital
certificate has been verified as valid, said document acquisition means accesses the server holding the document
specified by the document acquisition instruction as said user's proxy using the digital certificate, and acquires the
document.

[Claim 7] Document offer equipment according to claim 1, comprising a certificate storage means to acquire and store
the digital certificate of the user who is the issuer of said document acquisition instruction, and an event notice
means to notify the user who is said issuer of an event generated in the processing of said document acquisition
instruction, wherein, when the user's digital certificate is stored in said certificate storage means, the event
notice means enciphers the contents of the notice using the information in the digital certificate before notifying.

[Claim 8] A document offer system comprising: a document server holding a document in which security information is
set per component; and document offer equipment which, according to a document acquisition demand from a user,
acquires a document from said document server, judges for each component whether it may be disclosed from the
relation between the security level of each component of this document and the user's security level, performs
predetermined secrecy processing on the components which cannot be disclosed according to the judgment result, and
provides the document to said user.

[Claim 9] The document offer system according to claim 8, comprising a directory service which manages each user's
security level, characterized in that said document offer equipment acquires said user's security level from this
directory service.

[Claim 10] The document offer system according to claim 8, characterized in that said document offer equipment
receives a digital certificate from a user and acquires the security level of that user from this digital certificate.

DETAILED DESCRIPTION



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to document offer equipment which outputs a document in response to a
demand from a user.

[0002] 

[Description of the Prior Art] Systems that provide users with electronic documents, such as document servers on a
LAN and Web servers on the Internet, have become widespread. In recent years, printers have also been developed that
receive the URL of a document from a user, either directly or through a network, and use this URL to acquire the
document on the Internet and print it.

[0003] In such a system, security management of document disclosure is an important problem. For example, documents
created and stored in corporate activity range in security level from documents that are open to the general public
to documents that require a high degree of secrecy. Conventionally, the security of such electronic documents was
managed by, for example, setting access privileges for each user or user group per document file or per folder
(directory). It is also common, when access to a Web page (HTML document) is received, to perform user authentication
by password input or the like so that only those permitted beforehand can view the HTML document.

[0004] Moreover, JP,9-293036,A discloses a system in which, when a print instruction is issued from client equipment
to a print server, identification card data carrying the issuer's user name is created and transmitted to the print
server, and the print server performs user authentication based on this identification card data to determine whether
the instruction for the print job may be executed. In this system, using identification card data that is independent
of the protocol of the instruction makes user authentication possible in a printer that supports multiple protocols.
[0005] 

[Problem(s) to be Solved by the Invention] However, each of the above-mentioned techniques manages security by user
authentication only in units of a document file, a folder, or a print job.
[0006] However, a single document generally contains various articles, figures, photographs and so on, each with its
own meaning. In extreme cases, even an individual phrase, such as a proper noun like a company name or a product
trademark, may be significant for security. Therefore, if a document contains even one strictly confidential article,
figure, phrase or the like, it is common to treat the whole document as strictly confidential and restrict viewing.
Moreover, when a document of the same contents was to be disclosed to two or more audiences with different
information disclosure levels, for example release on an in-house intranet, on an extranet with customer companies,
and on the Internet, a Web page conventionally had to be created individually for each audience in consideration of
the level that could be disclosed to it.

[0007] Thus, conventionally, either disclosure or non-disclosure was judged per document, or a version of the
document for each disclosure target was created beforehand. The former cannot be said to be sufficient in terms of
making use of documents, and the latter, although it allows documents to be used, has the problem of requiring time
and effort.

[0008] This invention is made in view of such problems, and aims to provide equipment and a system that can finely
manage the security of document disclosure with little time and effort.

[0009] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, the document offer equipment
concerning this invention has: an instruction receiving means to receive a document acquisition instruction from a
user; a user security acquisition means to acquire the security information of said user who issued said document
acquisition instruction; a document acquisition means to acquire the document specified by said document acquisition
instruction; a document element security acquisition means to acquire, for every component of the acquired document,
the security information of that component; a disclosure judging means to judge, for every component of said acquired
document, whether the component may be disclosed to the user, from the relation between the security information of
the component and said user's security information; and an output-control means to edit and output said acquired
document according to the result of the disclosure judgment for each component.

[0010] According to this configuration, the document offer equipment can judge, per component of a document, whether
disclosure to the user is permitted, and then apply the required editing and output the document. The document offer
equipment may hold and manage the documents it offers itself, or it may, for example, acquire the document to be
offered from another server on a network and apply the required editing.

[0011] Moreover, in a preferred mode, the output-control means replaces a component judged by said disclosure judging
means to be non-disclosable with replacement information registered beforehand, and outputs it. More preferably, the
output-control means stores information for generating said replacement information for every class of component, and
replaces each component with the replacement information corresponding to its class.

[0012] Moreover, in another preferred mode, the equipment has a means to hold a judgment rule serving as the criterion
for judging whether disclosure is permitted based on the relation between a user's security information and the
security information of a document component, and said disclosure judging means judges whether disclosure is
permitted with reference to this judgment rule. In this mode, the disclosure range can be changed by changing the
disclosure rule, without changing the security information of any user or document component.

[0013] In another preferred mode, the document offer equipment has a means to acquire the digital certificate of the
user who is the issuer of said document acquisition instruction, and a means to verify the validity of the digital
certificate acquired in association with said document acquisition instruction. When said user's digital certificate
has been verified as valid, said document acquisition means accesses the server holding the document specified by the
document acquisition instruction as said user's proxy using the digital certificate, and acquires the document. In
this mode, when the document offer equipment acquires a document from the document's storage location, it can use the
user's digital certificate to acquire the document on the user's behalf over a secure communication mode.

[0014] In another preferred mode, the document offer equipment has a certificate storage means to acquire and store
the digital certificate of the user who is the issuer of said document acquisition instruction, and an event notice
means to notify the user who is said issuer of an event generated in the processing of said document acquisition
instruction. When the user's digital certificate is stored in said certificate storage means, the event notice means
enciphers the contents of the notice using the information in the digital certificate before notifying. In this mode,
the secrecy of the contents of the notice from the document offer equipment to the user can be protected.

[0015] Moreover, the document offer system concerning this invention has a document server holding a document in
which security information is set per component, and document offer equipment which, according to a document
acquisition demand from a user, acquires a document from said document server, judges for each component whether it
may be disclosed from the relation between the security level of each component of this document and the user's
security level, performs predetermined secrecy processing on the components which cannot be disclosed according to
the judgment result, and provides the document to said user.

[0016] In this system, when a document is offered to a user, whether disclosure is permitted is judged per component
of the document, and the document can be output after predetermined secrecy processing is applied to the elements
which cannot be disclosed. According to this system, there is no need to create and hold, for a document of the same
contents, two or more versions whose disclosure range is changed for each level of user security (access
permission).

[0017] 

[Embodiment of the Invention] Hereafter, an embodiment of this invention is explained based on the drawings.

[0018] Drawing 1 shows the overall system configuration of the embodiment of this invention. This embodiment is
explained taking as an example a print system 10 with a pull print function that is operated by instructions from a
remote user terminal 20 and prints. The pull print function receives from a user the address (a URI (uniform resource
identifier) or the like) of the document file to be printed, and uses this address to acquire and print that file.

[0019] The user terminal 20 is a PC (personal computer), a Personal Digital Assistant, a cellular phone, or the like.
The document server 30 is a server that offers files such as documents to users, for example a Web (WWW: World Wide
Web) server or an anonymous FTP server.

[0020] The print system 10 has a function to receive the Print-URI instruction specified in IPP/1.0 (Internet
Printing Protocol: [RFC2565], [RFC2566]). When a URI is specified with a Print-URI instruction from a user terminal
20 and printing is instructed, the print system 10 accesses, through the Internet 40, the document server 30 storing
the document that the URI indicates, and acquires and prints the file of the document. At this time, the print system
10 of this embodiment judges, in units of components such as articles, figures and phrases, whether the acquired
document may be disclosed to the user who requested printing, applies predetermined secrecy processing to the
components which cannot be disclosed, and then performs the printing processing.

[0021] Whether a document component may be disclosed is judged by comparing the security level of that component with
the security level of the user who requested printing. For this reason, a security level can be set on a document per
component, and the print system 10 has a mechanism for acquiring the security level of each component and the
security level of the user who requested printing.

[0022] With reference to drawing 2, an example of how to set security levels per component of a document is
explained.

[0023] Drawing 2 is an example of a document in which security levels are set per component. The example is an HTML
document, and uses two methods to set security levels on the components of the document.

[0024] The first method is used when setting a security level in units of HTML document elements, and adds a
Publicity parameter to the existing tag that represents the document element. In the example of drawing 2, the
parameter is set in the form Publicity="level 1" after the tag name "BODY" of the <BODY> tag 500, which represents
the body of the document. This means that the security level expressed by the character string "level 1" is set on
the document element "BODY". By this method, a security level can be specified by writing a Publicity parameter after
the tag name, not only for the illustrated "BODY" tag but for all tags (that is, document elements) defined in HTML.

[0025] The second method is used when setting a security level on a phrase or the like within one document element.
In this method, a security level is set on a character string or the like by enclosing the target character string in
<Publicity> tags for level setting. For example, in drawing 2, the start tag 510a (<Publicity Level="level3">) and
the end tag 510b (</Publicity>) of the <Publicity> tag are placed before and after the character string 515 "pine,
bamboo, and plum" in the text part of the HTML document. The security level is set as the Level parameter in the tag
(for example, Level="level3"). The set of values that can be specified for the Level parameter is the same as for the
Publicity parameter in the first method.
[0026] Thus, in the example shown in drawing 2, security levels can be set on elements at the level of an HTML
document element or of a phrase within it. By this approach, the person preparing a document can set a security level
individually for every component of the document. Such a document is stored in the document server 30.

[0027] When the print system 10 acquires a document such as that shown in drawing 2 and, while parsing it, detects a
Publicity parameter or a <Publicity> tag, it judges that the security level shown in the parameter or tag is
specified for the document element, phrase or the like to which the parameter or tag is attached.
[0028] A user's security level is assigned by, for example, the system administrator of an organization such as an
office. The levels may be held in the print system 10, but if the information on each user's security level is
centrally managed on separate server equipment and can be referred to over the network from each print system 10,
this is advantageous in terms of the cost of each print system 10 and the maintenance cost of the security levels.
One such approach is to manage security level information in a directory service on the network.

[0029] Next, with reference to drawing 3, the detailed configuration of the print system 10 and the procedure of
printing processing by this system are explained. The system of drawing 3 consists of a print server 100, which
manages jobs and develops documents into a printable format, and a print engine 150, which prints onto paper. In
drawing 3, the solid arrows with a black dot at the base show the data flow of the document to be printed, and the
broken arrows show the flow of messages between functional modules.

[0030] Among the functional modules of the print server 100, the job receive section 102 receives print instructions
(jobs) from users. A job from a user may have the document data to be printed attached, or may specify the URI of the
document to be printed. In the latter case, the document acquisition section 104 uses the URI to acquire the document
to be printed from its storage location on the network. The data of the received job and the document acquired by the
document acquisition section 104 are stored in the spool buffer 106. The document analysis section 108 acquires
document data from the spool buffer 106, analyzes it, and develops it into bit map data printable by the print engine
150. During the analysis of the document to be printed, the document analysis section 108 also detects security level
settings on document elements or phrases, passes that information to the security evaluation section 130, and asks
for an evaluation. The security evaluation section 130 acquires the security level of the user who issued the print
job and compares it with the security level of each component of the document obtained from the document analysis
section 108, thereby judging whether each component can be disclosed to that user. The judgment result is returned to
the document analysis section 108. According to this result, the document analysis section 108 develops components
judged disclosable into bitmapped images as they are, and replaces components judged non-disclosable with an image
set up beforehand, such as masking characters or blacking out, thereby constructing printable bit map data from the
original document. The obtained bit map data are held temporarily in the page buffer 110 and supplied sequentially by
the output-control section 112 to the print engine 150.

[0031] The job control section 114 manages the flow of processing of the received jobs. The touch panel 118 is a
device for receiving instructions locally, and acquires the user's instructions on the displayed user interface
screen. The input-control section 116 controls the touch panel 118, acquires the instructions from the user, and
transmits them to each module in the server 100. The notice section 122 issues notices about events generated within
the print server 100 to a predetermined notice destination. The event notices that the notice section 122 issues
include notices of events about a job, such as job completion and running out of paper, and notices of events of the
print system 10, such as paper jams and running out of toner. These notices are sent to the notice destination in a
form such as electronic mail. Notice destinations are persons set in the print system 10 beforehand (for example, the
system administrator) and the notice destination that the user specified when instructing the print job.

[0032] The functional modules of the print server 100 explained above communicate with one another through the
inter-task communication bus 120 to perform their processing.

[0033] Next, with reference to drawing 4, the printing processing using the print system 10 of this embodiment is
explained.

[0034] S10: First, a user transmits, from the user terminal 20 to the print system 10, an instruction to print a
document stored in the document server 30. The Print-URI instruction defined by IPP/1.0 is used for this instruction.
In this instruction, the URI of the document to be printed can be specified as the document-uri IPP operation
attribute. For example, the following value is specified for this attribute.

http://"document-server's address"/path/document.html

[0035] Here, the character string representing the address of the document server is written in place of
"document-server's address". The name of the issuer of this instruction is stored in the request-user-name attribute,
which is one of the attributes of this instruction. Generally, if the issuer is a user logged in to a directory
service on the network, the user name of that issuer, called a Distinguished Name, is stored in this attribute.

[0036] S12: The job receive section 102 of the print system 10, having received the print instruction from the user,
requests the job control section 114 to generate the job corresponding to that instruction.
[0037] S14: The job control section 114 generates the requested job and, when preparation for writing the job into
the spool buffer 106 is complete, specifies the URI of the document to be printed to the document acquisition section
104 and requests acquisition.

[0038] S16: The document acquisition section 104, having received this request, uses the HTTP protocol, which is the
scheme of the URI specified in the document-uri IPP operation attribute, to acquire the HTML document to be printed
from the document server 30 where it is stored, and writes it into the spool buffer 106.
[0039] S18: After the writing of the document into the spool buffer 106 is complete, the job control section 114 has
the document analysis section 108 start analyzing the document. The document analysis section 108 then starts the
analysis of the HTML document and develops it into printable bit map data.

[0040] S20: When, during this analysis processing, the document analysis section 108 detects a Publicity tag or
parameter in the HTML document, it passes the value of the security level shown in that tag or parameter to the
security level evaluation section 130 and has it evaluate whether the component corresponding to that tag or
parameter may be disclosed. The security level evaluation section 130 compares the security level of the component
with the user's security level acquired from the directory service on the network, judges whether the component can
be disclosed, and passes the result to the document analysis section 108. When the component is judged disclosable,
the document analysis section 108 develops it into a bitmapped image according to the description of the HTML
document. When the component is judged non-disclosable, the document analysis section 108 applies secrecy processing
to it according to the security policy set up beforehand. Secrecy processing includes, for example, when the
component is a character string, replacing each character with a masking character set up beforehand, such as "*".
Other possible policies are replacing the non-disclosable component with a blank or a blacked-out image, or replacing
it with a warning sentence or warning image set up beforehand.

[0041] In such replacement processing it is also suitable to register beforehand a replacement image for every class
of component, for example masking characters when the element to be kept secret is a character string and blacking
out when it is an image. The document analysis section 108 distinguishes the class of the component from the
description of the tag, and replaces the component with the suitable replacement image according to the result.

[0042] S22: After the development of the document to be printed into a bitmapped image is finished in this way, the
job control section 114 instructs the output-control section 112 to output the document. The bitmapped image is
thereby supplied to the print engine 150 and printed on paper.

[0043] Examples of the printing results of the HTML document of drawing 2 obtained under such disclosure security
management are shown in drawing 5 through drawing 8. These examples assume the following security policy: disclosure
of a document component is not permitted when the value of the user's security level is below the security level of
the component; a document element whose security was set with the Publicity parameter is omitted from typesetting
altogether; and a phrase whose security was set with the Publicity tag is replaced with the masking character "*".

[0044] Drawing 5 is the printing result for a user of security level 0: document elements of level 1 or higher are
not printed at all, and only elements with no security level setting are displayed. Drawing 6 is the printing result
for a user of security level 1, and components of level 1 or lower are displayed. Drawing 7 is the printing result
for a user of security level 2, and the phrase "pine, bamboo, and plum" (refer to drawing 2), which is a component of
security level 3, is masked and replaced with the characters "***". Drawing 8 is the printing result for a user of
security level 3, and all the elements of the document are displayed.

[0045] As explained above, the print system 10 of this embodiment can judge, per component of a document, whether it
can be disclosed to the user who requested printing, and can print the document with the non-disclosable parts kept
secret. Therefore, according to this embodiment, disclosure management according to each user's security level can be
performed for two or more users of different security levels by preparing only a single document.

[0046] <Modification 1> In the example above, whether disclosure is permitted was judged simply by numeric comparison
of the user's security level and the security level of the document component. In this case, to change the range of
document elements disclosed to users of each security level, it is necessary either to change the value of the
security level of each component or to change the value of each user's security level. This modification describes an
example of a mechanism that makes changing the disclosure range easier.
[0047] In this modification, rules for interpreting and comparing the security levels of users and document elements
are registered in the security level evaluation section 130. With reference to these rules, the security level
evaluation section 130 compares the security levels of the user and the document component, and judges whether
disclosure is permitted.

[0048] For example, consider a situation in which a project called Project A is under way in an organization, and
documents about Project A are registered in the document server 30 and disclosed to the persons concerned with the
project. Here, the project staff are classified by their duties into four levels, namely part-time worker, full-time
employee, employee in charge of Project A, and officer in charge of Project A, and these levels correspond to the
document disclosure level (security level) of each staff member (user).
[0049] In such an organization, user objects called part-time worker, full-time employee, Project A employee in
charge, and officer specializing in Project A are created in the directory service. These four kinds of objects
express the users' security levels, and each user is associated with one of these four kinds of user objects. In
addition, a document object representing each document and a security object corresponding to each security level of
document components are registered in the directory service. A document object contains one or more document
components, and a security level can be set on each component as shown in drawing 2.
[0050] And in this modification, the Ruhr of an indication judging is given to a security object. For example, it is 
setting the Ruhr, like M an indication to a full-time employee's, a company-in-charge member's, and the officer in charge 
being possible" as the security object corresponding to security level 1 etc. The security level evaluation section 130 
judges whether that component can be indicated to a print job publisher according to the Ruhr set as this object with 
reference to the security object corresponding to the security level of each component of the document for printing. 
[0051] What is necessary is just to change the contents of the Ruhr set as the security object, in changing the indication 
range in this configuration. For example, if the contents of a setting of the security object corresponding to security 
level 1 are changed, the indication range of the document component with which security level is set as 1 can be 
changed collectively. 

[0052] <Modification 2> Next, a modification of the method of obtaining a user's security level is described. In this
modification, the security level information is included in the user's digital certificate. With this method, when a
user issues a print instruction, the user's digital certificate is passed to the print system 10, and the print system
10 obtains the user's security level from that certificate. When the user terminal 20 and the print system 10
communicate for a print instruction over a secure communication mode such as SSL (Secure Socket Layer), proposed by
Netscape, or TLS (Transport Layer Security: RFC 2246), whose specification is published on the Internet, the two sides
exchange digital certificates when the secure channel is established. Therefore, if the security level information is
included in the user's digital certificate, the print system 10 can obtain the user's security level.

[0053] In this method, as shown in drawing 9, a digital certificate management section 135 is provided in the print
system 10. Although omitted from drawing 9, apart from the digital certificate management section 135 the print system
10 of this modification has the same functional modules as the embodiment described above. The digital certificate of
each user, issued by a predetermined certificate authority, is registered in the digital certificate management section
135, and only users whose digital certificates are registered there can use the system 10.
[0054] The procedure for using this system 10 is described with reference to drawing 9.
[0055] S30: To use the print system 10, the user sends it a connection request over a secure communication link, for
example by specifying the URI of the document to be printed as follows, and issues a print instruction.

https://<document server address>/path/document.html

[0056] S32: This connection request triggers secure-channel connection processing between the user terminal and the job
receive section 102 of the print system 10, during which the user's digital certificate is transmitted to the job
receive section 102.
[0057] S34: On receiving the digital certificate, the job receive section 102 asks the digital certificate management
section 135 whether the other party holds a valid digital certificate. The digital certificate management section 135
compares the received certificate with the certificate it holds for that user and judges the received certificate valid
when the two are identical.

[0058] S36: When the user's digital certificate has been judged valid in this way, the job receive section 102 requests
the job control section 114 to create a job.

[0059] In creating the job, the document acquisition section 104 (omitted in drawing 9) acquires the document specified
by the URI. The document acquisition section 104 acquires the document from the document server 30 over a secure
communication mode using that URI, and it carries out the document acquisition on the user's behalf, as the user's
proxy, by using the user's digital certificate. Then, when judging whether each component of the acquired document may
be disclosed, it obtains the user's security level from the digital certificate.

[0060] In this modification, the user's security level recorded in the digital certificate thus determines whether each
component of a document may be disclosed. In addition, because the print system 10 acquires the document from the
document server 30 on the user's behalf over a secure communication mode using the requesting user's digital
certificate, leakage of the document contents on the channel between the print system 10 and the document server 30 can
be prevented.

[0061] Moreover, in this modification, the user's digital certificate is received along with the print instruction, so
when the notice section 122 (see drawing 3) notifies that user of an event, it encrypts the contents of the notice with
the user's public key contained in the certificate before sending it. This protects the contents of notices from the
print system 10 to the user.
[0062] <Modification 3> In the examples above, security protection processing of a document was performed on the print
system 10 side, which acquires the document from the document server 30. This modification, by contrast, describes an
example in which the document server that provides the document performs the security protection processing itself. The
example taken here is one in which the document server is a WWW Web server and a Web page is displayed on a user
terminal.

[0063] The configuration of the Web server 60 in this modification is shown in drawing 10. The Web server 60 has, as
functional modules, an HTTP daemon 602, a script activation section 604, a security level evaluation section 606, a
response document generation section 608, and a document repository 610. The HTTP daemon 602 receives requests from
users and sends the corresponding response documents back to them. The script activation section 604 executes the
various scripts needed for Web server processing. The document repository 610 stores and manages various HTML
documents, including HTML documents in which security levels are set as shown in drawing 2. The response document
generation section 608 edits an HTML document taken from the document repository 610 so that its disclosed contents
match the requesting user's security level. The security level evaluation section 606 judges, for each component,
whether it may be disclosed to the user, based on the security level of each component of the HTML document and the
user's security level. The user terminal 50 need only have an ordinary web browser.
[0064] Next, the procedure of this Web server is described with reference to drawing 11.

[0065] S50: From the browser of the user terminal 50, the user sends the Web server 60 a document acquisition
instruction for the desired document using the HTTP protocol.

[0066] S52: The HTTP daemon 602 receives this document acquisition instruction and has the script activation section
604 in the Web server 60 execute the script for generating a response document in response to that instruction.

[0067] S54: Execution of the script issues a response document generation request to the response document generation
section 608.

[0068] S56: In response to this request, the response document generation section 608 first acquires the document
specified by the document acquisition instruction from the document repository 608.

[0069] S58: The response document generation section 608 then examines the tags of the acquired document in order and
extracts the document components for which a security level is set.

[0070] S60: When a component with a security level is found, the response document generation section 608 asks the
security level evaluation section 606 to evaluate whether the component may be disclosed. On receiving this request,
the security level evaluation section 606 judges whether each such component may be disclosed to the user by comparing
the component's security level with the security level of the requesting user. The user's security level can be
obtained by the techniques illustrated in the embodiment above. For a component judged not disclosable, concealment
processing is performed according to a security policy set in advance, such as replacing it with masking characters or
a blacked-out image. For example, each character of a character string in the HTML document that must be kept secret is
replaced with a masking character such as "*". To prevent malfunction of the browser and the like, the tag (Publicity
tag) and parameter (Publicity parameter) that indicate the security level may be deleted at this point. Steps S58 and
S60 are applied over the whole of the acquired document.

[0071] This processing produces an HTML document in which the parts that may not be disclosed to the requesting user
are masked, replaced by masking characters or the like. The HTML document produced in this way is sent from the HTTP
daemon 602 to the requesting user terminal 50.

[0072] At the user terminal 50, the HTML document acquired in this way is displayed by an ordinary browser. The
components that the user is judged not permitted to view are concealed by masking-character replacement or the like, so
the user cannot learn their contents.

[0073] Thus, in this modification, the Web server 60 creates an HTML document whose disclosed contents match each
user's security level and sends it to the user. Therefore, parts that may not be disclosed to a user can be withheld
even if the browser on the user terminal has no special function.

[0074] The preferred embodiment of this invention and its modifications have been described above. As explained,
according to this embodiment and its modifications, disclosure can be controlled per document component for users whose
security levels (access permissions) differ.

[0075] Although disclosure control of text and images was described above, the technique of this invention applies
equally to moving images and audio (sound) in multimedia documents and the like. For example, a moving image or sound
can be embedded in an HTML document as a document element, so a Publicity parameter can be set on the tag of that
element and disclosure controlled according to the parameter.

[0076] Moreover, although HTML was taken above as the example format of the document provided to the user, the
technique of this invention is applicable not only to HTML but also to documents in other markup languages such as XML.
Furthermore, even for a format other than a markup language, as long as attribute information can be set for each
document component, the technique of the above embodiment can be applied by setting the security level as one item of
the attribute information.
[0077] Moreover, although replacement with an image, symbol, or the like prepared in advance was described above as the
technique for concealing a document component that may not be disclosed, concealment is not limited to such
replacement. For example, it is also suitable to apply an image filter, such as an equalization filter (any kind of
filter will do as long as the original image is no longer recognizable), to the image of the component once it has been
generated, and thereby conceal it.

* NOTICES *

JPO and NCIPI are not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original precisely.

2. **** shows the word which can not be translated.
3. In the drawings, any words are not translated.